An approach for a first host to establish communication with a second host comprising receiving a signal from a client that the client is enrolled in a first communication group with the first host and enrolled in a second communication group with the second host, sending a first host-specific certificate and a pairing request message, receiving a second host-specific certificate and a first value, verifying the second host-specific certificate, verifying the first value, sending a second value, receiving a third value and an encrypted message, determining a fourth value equals the third value, deriving a temporary key, decrypting the encrypted message using the temporary key, obtaining a group key for the second communication group from the decrypted message, sending a group key for the first communication group, and receiving a verification message from the second host indicating successful establishment of communication.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A method for a first host to establish communication with a second host, the method comprising: receiving a signal from a client that the client is enrolled in a first communication group with the first host and enrolled in a second communication group with the second host; sending a first host-specific certificate and a pairing request message to the second host in response to the signal; receiving a second host-specific certificate and a first value from the second host; verifying the second host-specific certificate; verifying the first value in response to the second host-specific certificate being a valid certificate; sending a second value to the second host in response to the first value being valid; receiving a third value and an encrypted message from the second host; determining a fourth value equals the third value; deriving a temporary key in response to the fourth value equaling the third value; decrypting the encrypted message using the temporary key; obtaining a group key for the second communication group from the decrypted message; sending a group key for the first communication group to the second host; and receiving a verification message from the second host indicating successful establishment of communication.
2. The method of claim 1, further comprising computing the fourth value in response to receiving the third value and the encrypted message from the second host.
3. The method of claim 1, further comprising signing the pairing request message with a private key.
4. The method of claim 1, wherein the first value is verified using a public key.
5. The method of claim 4, further comprising: generating the second value in response to the first value being valid; and signing the second value with a private key.
6. The method of claim 1, further comprising decrypting the verification message using the group key for the first communication group.
7. The method of claim 1, further comprising using the group key for the first communication group and the group key for the second communication group to communicate with the second host.
8. A device configured to act as a first host and establish communication with a second host, the device comprising: a memory; and a controller comprising one or more circuits, the controller being communicatively coupled to the memory and configured to: receive a signal from a client that the client is enrolled in a first communication group with the first host and enrolled in a second communication group with the second host; send a host-specific certificate and a pairing request message to the second host in response to the signal; receive a second host-specific certificate and a first value from the second host; verify the second host-specific certificate; verify the first value in response to the second host-specific certificate being a valid certificate; send a second value to the second host in response to the first value being valid; receive a third value and an encrypted message from the second host; determine a fourth value equals the third value; derive a temporary key in response to the fourth value equaling the third value; decrypt the encrypted message using the temporary key; obtain a group key for the second communication group from the decrypted message; send a group key for the first communication group to the second host; and receive a verification message from the second host indicating successful establishment of communication.
9. The device of claim 8, wherein the controller is further configured to compute the fourth value in response to receiving the third value and the encrypted message from the second host.
10. The device of claim 8, wherein the controller is further configured to sign the pairing request message with a private key.
11. The device of claim 8, wherein the controller is configured to verify the first value using a public key.
12. The device of claim 11, wherein the controller is further configured to: generate the second value in response to the first value being valid; and sign the second value with a private key.
13. The device of claim 8, wherein the controller is further configured to decrypt the verification message using the group key for the first communication group.
14. The device of claim 8, wherein the controller is further configured to use the group key for the first communication group and the group key for the second communication group to communicate with the second host.
15. A system for establishing communication between two host-devices, the system comprising: a first host having a first host-specific certificate; and a second host configured to: receive a signal from a client that the client is enrolled in a first communication group with the first host and enrolled in a second communication group with the second host; send a second host-specific certificate and a pairing request message to the first host in response to the signal; receive the first host-specific certificate and a first value from the first host; verify the first host-specific certificate; verify the first value in response to the first host-specific certificate being a valid certificate; send a second value to the first host in response to the first value being valid; receive a third value and an encrypted message from the first host; determine a fourth value equals the third value; derive a temporary key in response to the fourth value equaling the third value; decrypt the encrypted message using the temporary key; obtain a group key for the first communication group from the decrypted message; send a group key for the second communication group to the first host; and receive a verification message from the first host indicating successful establishment of communication.
16. The system of claim 15, the second host further configured to compute the fourth value in response to receiving the third value and the encrypted message from the first host.
17. The system of claim 15, the second host further configured to sign the pairing request message with a private key.
18. The system of claim 15, the second host further configured to: generate the second value in response to the first value being valid; and sign the second value with a private key.
19. The system of claim 15, the second host further configured to decrypt the verification message using the group key for the second communication group.
20. The system of claim 15, the second host further configured to use the group key for the first communication group and the group key for the second communication group to communicate with the first host.
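The second half of the claimed exchange (third/fourth value check gating the temporary key, decryption of the peer's group key, return of the first host's group key, and the final verification message), as an added Go example that is not part of the patent or any product it covers. It assumes the signed first/second values were already verified and that each host holds its side of a key-agreement secret over them; the HMAC-SHA256 derivation, AES-256-GCM wrapping and 32-byte group keys are choices of this example, not specified by the claims.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)
// derive = HMAC-SHA256(shared, label || data...) for the temporary key and the third/fourth value (assumed construction).
func derive(shared []byte, label string, data ...[]byte) []byte {
	m := hmac.New(sha256.New, shared)
	m.Write([]byte(label))
	for _, d := range data {
		m.Write(d)
	}
	return m.Sum(nil)
}
// seal/open: AES-256-GCM with a random 12-byte nonce prefixed to the ciphertext (open expects seal's output).
func gcm(key []byte) cipher.AEAD { b, _ := aes.NewCipher(key); g, _ := cipher.NewGCM(b); return g }
func seal(key, msg []byte) []byte {
	n := make([]byte, 12)
	rand.Read(n)
	return gcm(key).Seal(n, n, msg, nil)
}
func open(key, box []byte) ([]byte, bool) {
	pt, err := gcm(key).Open(nil, box[:12], box[12:], nil)
	return pt, err == nil
}
// pair runs the claimed steps from the third value onward; sharedA/sharedB are each host's side of the key
// agreement over the first/second values, group keys are 32 bytes. Returns A's copy of B's group key, B's copy of A's, and A's acceptance.
func pair(sharedA, sharedB, first, second, groupA, groupB []byte) (gotB, gotA []byte, ok bool) {
	third := derive(sharedB, "confirm", first, second) // B -> A: third value ...
	encB := seal(derive(sharedB, "temp"), groupB)       // ... and group key B under B's temporary key
	if !hmac.Equal(derive(sharedA, "confirm", first, second), third) { // A: fourth value must equal third
		return nil, nil, false
	}
	tempA := derive(sharedA, "temp") // A derives its temporary key only after the values matched
	if gotB, ok = open(tempA, encB); !ok {
		return nil, nil, false
	}
	if gotA, ok = open(derive(sharedB, "temp"), seal(tempA, groupA)); !ok { // A -> B: group key A
		return nil, nil, false
	}
	verif, ok := open(groupA, seal(gotA, []byte("paired"))) // B -> A: verification under A's group key
	return gotB, gotA, ok && hmac.Equal(verif, []byte("paired"))
}
func main() { // constructed inputs; real hosts take the secret from key agreement on first/second
	s, g := make([]byte, 32), []byte("0123456789abcdef0123456789abcdef")
	fmt.Println(pair(s, s, []byte("first"), []byte("second"), g, g))
}
```

A mismatched secret on either side makes the fourth value differ from the third, so the temporary key is never derived and no group key leaves either host.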
October 11, 2018
December 15, 2020